Job Description

The IT Governance, Risk and Compliance Manager will be responsible for establishing and maintaining a robust IT GRC framework for Motus IT. This role involves developing controls to manage IT risks and ensure compliance with regulatory requirements that align with IT strategies and Motus's overall objectives.

Position Overview

The IT Governance, Risk and Compliance Manager will be responsible for establishing and maintaining a robust IT GRC framework for Motus IT. This role involves developing controls to manage IT risks and ensure compliance with regulatory requirements that align with IT strategies and Motus's overall objectives.

Specific Role Responsibilities

Key Responsibilities

Governance:

Oversee the development, implementation, and management of the IT GRC program. Develop and implement IT governance frameworks and policies to ensure alignment with business objectives and regulatory requirements. Establish and enforce IT standards and practices to ensure the effective and efficient use of IT resources. Coordinate with other business areas to integrate IT governance into the overall corporate governance framework

Risk Management

Engage with IT functions to Identify, assess, and prioritize IT risks. Quality assure and monitor risk mitigation strategies and action plans. Monitor and report on the effectiveness of risk management initiatives and controls. Monitor the implementation and maintenance of IT risk self-assessment programs across the organization. Pro-actively manage and mitigate all potential IT risks to the organization, in association with senior management. Coordinate third-party IT supplier risk assessments to ensure supply chain risk is managed throughout the supplier's lifecycle.

Compliance

Ensure IT operations comply with relevant laws, regulations, and standards, including but not limited to GDPR, POPIA, and industry best practices (COBIT, ITIL, NIST). Conduct regular assessments to ensure adherence to compliance requirements. Coordinate with internal and external auditors on audit cycles and manage audit findings and remediation efforts.

Policy Environment

Work closely with the IT team to develop and implement organization-wide IT policies, processes and procedures. Assess the policy environment to ensure alignment with GRC practices.

Reporting and Documentation

Prepare reports for relevant governance committees. Develop and maintain IT GRC processes, policies, and procedures. Establish robust reporting mechanisms for tracking IT projects, disaster recovery metrics, cybersecurity metrics, and management of risks.

Continuous Improvement

Stay abreast of industry trends and regulatory changes. Recommend and implement improvements to the IT GRC program to enhance compliance status. Perform regular IT governance maturity assessments and implement improvement plans. Develop training plans to embed the IT governance programme. Continuously evaluate and improve ICT reporting processes and reports to deliver more valuable insights and recommendations.

People Management

Proven ability to lead and manage cross-functional teams. Foster a culture of accountability and continuous improvement.

Stakeholder Management

Strong communication and interpersonal skills, with the ability to interact effectively with stakeholders at all levels.

Qualifications and Experience

Required Qualifications and Experience:

Bachelor's degree in information technology, computer science, or a related field. An MBA and/or professional certifications such as CISA or CRISC are a plus. Minimum of 5-7 years of experience in IT governance, risk management. In-depth knowledge of IT governance frameworks, risk management methodologies, and compliance standards.

Skills and Personal Attributes

Analytical mindset

: Strong analytical thinking and problem-solving abilities. Ability to analyse incident data and risk indicators.

Attention to detail

: Must be proactive and detail-oriented in identifying issues and implementing solutions within governance programs.

Effective communicator

:Strong communication skills to translate complex compliance issues into clear, actionable guidance

Technical Aptitude

: Comfortable working with technical teams and understanding technical documentation.

Stakeholder Orientated

: Ensure that stakeholder relationships are effectively managed.

Stress management

: Resilient under pressure, with the ability to manage multiple competing priorities without compromising quality.

Business Acumen

: Understanding of the organization's business model, operations, and strategy and ability to link IT risks and compliance issues to business impact.